[Samba] LDAP Extended attributes and dsheuristics
Rowland Penny
rpenny at samba.org
Tue May 30 15:39:36 UTC 2023
On 30/05/2023 16:23, Ben Curtis via samba wrote:
> Hi all,
>
> I can only find posts about extended attributes from ~10 years ago, so
> I figured I'd ask this here. I get the following error when trying to
> change passwords on my Samba 4.7 AD via LDAP:
Samba 4.7.x is very long in the tooth now and you really should upgrade.
You can only change an AD password over LDAPS.
>
> ```
> ldap_exop_passwd(): Passwd modify extended operation failed: Extended
> Operation(1.3.6.1.4.1.4203.1.11.1) not supported
> ```
Isn't that OID an openldap style of thing?
>
> Is this feature (1.3.6.1.4.1.4203.1.11.1) still not supported? Also, I
> have tried setting dsHeuristics for item 9 (fUserPwdSupport) to 1
> with:
>
> ```
> samba-tool forest directory_service dsheuristics 000000001
> ```
I do not think that is going to help.
>
> But there doesn't seem to be a way to get it to reset to "default
> value" (empty). Any ideas how I would do that?
What attribute are you trying to set/change?
A user's password is stored in the 'unicodePwd' attribute; this cannot be
read, only modified with a value. Also, you have to base64 encode the
password in a special way.
It will probably help if you can explain just what you are trying to
achieve and why.
Rowland